Cover Your Tracks in Linux

Last modified: 2023-11-15

Post Exploitation

After exploiting a Linux system, attackers try to erase traces of their activity to avoid detection.

Clear History

unset HISTORY
echo '' > ~/.bash_history
echo '' > /root/.bash_history
history -c
export HISTSIZE=0
unset HISTFILE

Clear Logs

# Shrink the size of log files with `truncate -s 0`
truncate -s 0 /var/log/auth.log
echo '' > /var/log/auth.log
cat /dev/null > /var/log/auth.log
> /var/log/auth.log
dd if=/dev/null of=/var/log/auth.log
shred /var/log/auth.log
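
Seen from the defender's side, the commands above form a recognisable pattern in shell command telemetry. The following detection rules are an added example, not part of the original page; the record format (`ts host= user= cmd=`), the rule names and the sample records are assumptions constructed for illustration.

```python
import re

# Constructed sample of shell command telemetry (the record format is an assumption).
SAMPLE = """\
2023-11-15T10:01:02Z host=web01 user=deploy cmd=tail -n 50 /var/log/auth.log
2023-11-15T10:01:40Z host=web01 user=deploy cmd=echo done >> /var/log/deploy.log
2023-11-15T10:03:11Z host=web01 user=root cmd=unset HISTFILE
2023-11-15T10:03:15Z host=web01 user=root cmd=export HISTSIZE=0
2023-11-15T10:03:19Z host=web01 user=root cmd=echo '' > /root/.bash_history
2023-11-15T10:03:30Z host=web01 user=root cmd=truncate -s 0 /var/log/auth.log
2023-11-15T10:03:41Z host=web01 user=root cmd=dd if=/dev/null of=/var/log/auth.log
2023-11-15T10:03:52Z host=web01 user=root cmd=shred /var/log/auth.log
2023-11-15T10:04:05Z host=web01 user=deploy cmd=history | grep ssh
"""

LOG = r"/var/log/\S+"
TRUNC = r"(?<!>)>\s*"  # '>' truncates the target; '>>' (append) is deliberately not matched
# One rule per family of commands listed on this page (rule names are hypothetical).
RULES = [
    ("history_disabled",
     re.compile(r"\bunset\s+HIST(FILE|ORY)\b|\bHIST(FILE)?SIZE=0\b|\bhistory\s+-c\b")),
    ("history_overwritten", re.compile(TRUNC + r"\S*\.bash_history\b")),
    ("log_truncated",
     re.compile(rf"\btruncate\s+-s\s*0\s+{LOG}|{TRUNC}{LOG}|\bdd\b.*\bof={LOG}")),
    ("log_destroyed", re.compile(rf"\bshred\b.*\s{LOG}")),
]
RECORD = re.compile(r"^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) cmd=(?P<cmd>.*)$")

def scan(text):
    """Return one alert dict per (record, matching rule)."""
    alerts = []
    for line in text.splitlines():
        m = RECORD.match(line)
        if not m:
            continue  # skip malformed records rather than guessing at fields
        for name, pattern in RULES:
            if pattern.search(m["cmd"]):
                alerts.append({"ts": m["ts"], "host": m["host"], "user": m["user"],
                               "rule": name, "cmd": m["cmd"]})
    return alerts

if __name__ == "__main__":
    for a in scan(SAMPLE):
        print(f'{a["ts"]} {a["host"]} {a["user"]} {a["rule"]}: {a["cmd"]}')
```

`history`, `unset`, `export` and the `>` redirection are handled inside the shell, so they never appear as separate process executions; rules like these need command-line logging from the shell itself. Forwarding logs to a separate host as they are written keeps a copy that local truncation cannot reach.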